version: '2.3'

services:
  kafka_zookeeper:
    image: zookeeper:3.4.9
    hostname: kafka_zookeeper
    ports:
      - 2181:2181
    environment:
      ZOO_MY_ID: 1
      ZOO_PORT: 2181
      ZOO_SERVERS: server.1=kafka_zookeeper:2888:3888
    security_opt:
      - label:disable

  kafka1:
    image: confluentinc/cp-kafka:5.2.0
    hostname: kafka1
    ports:
      - ${KAFKA_EXTERNAL_PORT}:${KAFKA_EXTERNAL_PORT}
    environment:
      KAFKA_ADVERTISED_LISTENERS: INSIDE://localhost:${KAFKA_EXTERNAL_PORT},OUTSIDE://kafka1:19092
      KAFKA_ADVERTISED_HOST_NAME: kafka1
      KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: INSIDE:PLAINTEXT,OUTSIDE:PLAINTEXT
      KAFKA_INTER_BROKER_LISTENER_NAME: INSIDE
      KAFKA_BROKER_ID: 1
      KAFKA_ZOOKEEPER_CONNECT: kafka_zookeeper:2181
      KAFKA_LOG4J_LOGGERS: "kafka.controller=INFO,kafka.producer.async.DefaultEventHandler=INFO,state.change.logger=INFO"
      KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
    depends_on:
      - kafka_zookeeper
    security_opt:
      - label:disable
    sysctls:
      net.ipv4.ip_local_port_range: '55000 65535'

  schema-registry:
    image: confluentinc/cp-schema-registry:5.2.0
    hostname: schema-registry
    ports:
      - ${SCHEMA_REGISTRY_EXTERNAL_PORT}:${SCHEMA_REGISTRY_EXTERNAL_PORT}
    environment:
      SCHEMA_REGISTRY_HOST_NAME: schema-registry
      SCHEMA_REGISTRY_KAFKASTORE_BOOTSTRAP_SERVERS: PLAINTEXT://kafka1:19092
      SCHEMA_REGISTRY_LISTENERS: http://0.0.0.0:${SCHEMA_REGISTRY_EXTERNAL_PORT}
      SCHEMA_REGISTRY_SCHEMA_REGISTRY_GROUP_ID: noauth
    depends_on:
      - kafka_zookeeper
      - kafka1
    restart: always
    security_opt:
      - label:disable

  schema-registry-auth:
    image: confluentinc/cp-schema-registry:5.2.0
    hostname: schema-registry-auth
    ports:
      - ${SCHEMA_REGISTRY_AUTH_EXTERNAL_PORT}:${SCHEMA_REGISTRY_AUTH_EXTERNAL_PORT}
    environment:
      SCHEMA_REGISTRY_HOST_NAME: schema-registry-auth
      SCHEMA_REGISTRY_LISTENERS: http://0.0.0.0:${SCHEMA_REGISTRY_AUTH_EXTERNAL_PORT}
      SCHEMA_REGISTRY_KAFKASTORE_BOOTSTRAP_SERVERS: PLAINTEXT://kafka1:19092
      SCHEMA_REGISTRY_AUTHENTICATION_METHOD: BASIC
      SCHEMA_REGISTRY_AUTHENTICATION_ROLES: user
      SCHEMA_REGISTRY_AUTHENTICATION_REALM: RealmFooBar
      SCHEMA_REGISTRY_OPTS: "-Djava.security.auth.login.config=/etc/schema-registry/secrets/schema_registry_jaas.conf"
      SCHEMA_REGISTRY_SCHEMA_REGISTRY_GROUP_ID: auth
    volumes:
      - ${SCHEMA_REGISTRY_DIR:-}/secrets:/etc/schema-registry/secrets
    depends_on:
      - kafka_zookeeper
      - kafka1
    restart: always
    security_opt:
      - label:disable
